Subject: CUPS vulnerabilities fixed? Need to update pkg-vulnerabilities file
To: None <,>
From: Andrew Daugherity <>
List: tech-pkg
Date: 02/22/2006 22:35:45
I see that the new CUPS package (1.1.23nb7) has supposedly fixed the
security issue:
[From CVS log for print/cups/Makefile, Revision]
  Port the security fixes for SA18303 from print/xpdf to print/cups.

Thanks for importing the patches!

However, the pkg-vulnerabilities file still shows all versions of CUPS
as being vulnerable:
cups-[0-9]*             1721,denial-of-service        =20
cups-[0-9]*             1722,arbitrary-code-execution =20

If the recent patches have indeed corrected these advisories, could
someone please update the pkg-vulnerabilities file?  (Note that SA
18332 is for CUPS, 18303 is for xpdf, but they seem to describe the
same vulnerability.)


Andrew Daugherity